How can I find security vulnerabilities in my source code?
The original, and still the best, method for finding security vulnerabilities in source code is to read and understand the source code.
Source code security vulnerabilities will vary between languages and platforms.
Items to look for in C code include:
| Potential vulnerability | Function calls to examine for vulnerabilities |
|---|---|
| Buffer overflows | gets(), scanf(), sprintf(), strcat(), strcpy() |
| Format string vulnerabilities | printf(), fprintf(), vprintf(), snprintf(), vsnprintf(), syslog() |
| Race conditions | access(), chown(), chgrp(), chmod(), mktemp(), tempnam(), tmpfile(), tmpnam() |
| Random number acquisition vulnerabilities | rand(), random() |
| Shell metacharacter vulnerabilities | exec(), popen(), system() |
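The checklist above can be turned into a small scanner of your own; the following is an added example, not code from the page or from any of the tools listed below. It blanks out comments and string literals first so that a function name merely mentioned in a comment is not reported, then records the line, function and category of every remaining call site. The C source it scans is constructed for the example.

```python
import re

# Checklist from the table above: category -> functions whose call sites deserve a manual read.
RISKY_CALLS = {
    "buffer overflow": {"gets", "scanf", "sprintf", "strcat", "strcpy"},
    "format string": {"printf", "fprintf", "vprintf", "snprintf", "vsnprintf", "syslog"},
    "race condition": {"access", "chown", "chgrp", "chmod", "mktemp", "tempnam", "tmpfile", "tmpnam"},
    "weak randomness": {"rand", "random"},
    "shell metacharacters": {"exec", "popen", "system"},
}
LOOKUP = {fn: cat for cat, fns in RISKY_CALLS.items() for fn in fns}
CALL_RE = re.compile(r"\b([A-Za-z_]\w*)\s*\(")
# Comments and string/char literals: names mentioned inside them are not calls.
NOISE_RE = re.compile(r'/\*.*?\*/|//[^\n]*|"(?:\\.|[^"\\\n])*"|\'(?:\\.|[^\'\\\n])*\'', re.S)

def strip_noise(src):
    """Blank out comments and literals, keeping newlines so line numbers stay correct."""
    return NOISE_RE.sub(lambda m: re.sub(r"[^\n]", " ", m.group(0)), src)

def find_risky_calls(src):
    """Return (line, function, category) for each place a checklist function is invoked."""
    findings = []
    for lineno, line in enumerate(strip_noise(src).split("\n"), 1):
        for m in CALL_RE.finditer(line):
            if m.group(1) in LOOKUP:
                findings.append((lineno, m.group(1), LOOKUP[m.group(1)]))
    return findings

# Constructed sample C source (hypothetical, not from the page) exercising several categories.
SAMPLE_C = r'''#include <stdio.h>
#include <string.h>
#include <stdlib.h>
/* strcpy() in a comment must not be reported */
int greet(const char *name) {
    char buf[32];
    strcpy(buf, name);          /* unbounded copy into a fixed buffer */
    printf(name);               /* caller-controlled format string */
    printf("use sprintf()\n");  /* name inside a literal is ignored */
    return rand() % 100;
}
int run(const char *arg) {
    char cmd[128];
    snprintf(cmd, sizeof cmd, "ls %s", arg);
    return system(cmd);
}'''

if __name__ == "__main__":
    for lineno, fn, cat in find_risky_calls(SAMPLE_C):
        print(f"line {lineno}: {fn}() -> review for {cat}")
```

Every hit is a place to read, not a confirmed bug: the `snprintf()` call is bounded, but its format string still deserves a look, which is exactly what the table asks for.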
Automated Source Code Security Vulnerability Scanners
There are intelligent tools available to help you examine large amounts of source code for security vulnerabilities.
| Tool | Description |
|---|---|
| Flawfinder | Examines source code and reports possible security vulnerabilities |
| RATS from Secure Software Solutions | Scans C, C++, Perl, PHP and Python source code for potential security vulnerabilities. |
| ITS4 from Cigital | Scans source code looking for potentially vulnerable function calls and performs source code analysis to determine the level of risk |
| PScan | A limited problem scanner for C source files |
| BOON | Buffer Overrun detectiON |
| MOPS | MOdelchecking Programs for Security properties |
| Cqual | A tool for adding type qualifiers to C |
| MC | Meta-Level Compilation |
| SLAM | Software model checker from Microsoft |
| ESC/Java2 | Extended Static Checking for Java version 2 |
| Splint | Secure Programming Lint |
| MOPED | A Model-Checker for Pushdown Systems |
| JCAVE | JavaCard Applet Verification Environment |
| The Boop Toolkit | Utilizes abstraction and refinement to determine the reachability of program points in a C program |
| Blast | Berkeley Lazy Abstraction Software Verification Tool |
| Uno | Simple tool for source code analysis |
| PMD | Scans Java source code and looks for potential problems |
| C++ Test | Unit testing and static analysis tool |
For more information regarding source code scanners, read Source Code Scanners for Better Code in the Linux Journal.
For more information regarding secure programming, read the Secure Programming for Linux and Unix HOWTO.